[sudo-users] CGI not allowing sudo command

David Logan david at lcscreative.com
Sun Jan 2 02:03:16 EST 2005


Todd C. Miller wrote:

>I don't see anything obviously wrong with what you have there,
>though did you mean:
>    Runas_Alias MAILLIST = mailman
>
>Not:
>    Runas_Alias MAILLIST = %mailman
>
>The '%' indicates a group.  Using '%mailman' *should* work so long
>as user mailman is in the mailman group but it looked a bit odd.
>
>When running it by hand does it still work if you run "su - mailman"
>(as opposed to "su mailman")?
>
> - todd
>
Hi Todd,

Thanks for the prompt reply; yes, it works fine. I did a sudo -l when
logged in as nobody and this was the result. I had tried it as just
'mailman' and then decided to give it a punt as a group, but that didn't
work either:

/usr/local/bin/sudo -l
User nobody may run the following commands on this host:
    (%mailman) /usr/local/mailman/bin/


I really don't know what I've done. I am going to have to give nobody a
group membership of mailman and see if that works. The script works fine
if it is run by mailman:

/ $ su mailman
/ $ echo david at lcscreative.com | /usr/local/mailman/bin/add_members -r - -w n testlist
Subscribed: david at lcscreative.com
/ $ echo david at lcscreative.com | /usr/local/mailman/bin/remove_members -f - -n testlist
/ $

I've just played around a bit more; it looks like it could be a bug in
Python or Mailman. I am getting a permission denied message when trying
to open a config.pck file even though I am a member of the mailman
group. If I run newgrp and set my primary group to mailman, everything
works as it should.

It looks like Python is not looking at all the valid groups for a user.
I'll go play some more, but it looks like sudo is not the issue. Mailman
runs as setgid, which is why I was running as group mailman; then it
shouldn't have mattered who the user was. (Well, that's the theory 8-))

Regards
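
A diagnostic for the situation described in this message, added here as an example and not part of the original thread: it compares the groups the account database lists for the current user with the supplementary groups the running process actually holds, and applies the standard Unix owner/group/other read check to one file. The function names are assumptions made for this example, and any path passed to it is the reader's own.

```python
import grp
import os
import pwd
import stat
import sys


def class_bits(mode, uid, gid, euid, egid, groups):
    """Return the rwx bits that apply; exactly one permission class is used."""
    if euid == uid:
        return (mode >> 6) & 7   # owner class, even if the group bits are wider
    if gid == egid or gid in groups:
        return (mode >> 3) & 7   # group class: effective or supplementary gid
    return mode & 7              # other class


def can_read(mode, uid, gid, euid, egid, groups):
    """Read decision from process credentials only; root bypasses the check."""
    if euid == 0:
        return True
    return bool(class_bits(mode, uid, gid, euid, egid, groups) & 4)


def database_gids(username):
    """Gids the account database lists for a user (what `id username` shows)."""
    gids = {pwd.getpwnam(username).pw_gid}
    gids.update(g.gr_gid for g in grp.getgrall() if username in g.gr_mem)
    return gids


def report(path):
    """Compare this process's live credentials with the database for one file."""
    st = os.stat(path)
    euid, egid, groups = os.geteuid(), os.getegid(), set(os.getgroups())
    user = pwd.getpwuid(euid).pw_name
    return {
        "user": user,
        "egid": egid,
        "process_groups": sorted(groups),
        # Listed in the database but not carried by this process.
        "missing_from_process": sorted(database_gids(user) - groups - {egid}),
        "file_group": st.st_gid,
        "readable": can_read(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                             euid, egid, groups),
    }


if __name__ == "__main__":
    for key, value in report(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{key}: {value}")
```

Run it from the same context as the failing script (for example from the CGI or under sudo) with the file's path as the argument; a non-empty missing_from_process list means the process was started without those supplementary groups.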




